The MBRs produced upon installing Windows 98,
and upon intalling linux

When you install an operating system on a computer, there are a number of
different parts to install. Two in particular:

Kernel - first, the bulk or guts of the code for
the operating system program. An operating system is just a computer program,
after all, so it consists of executable machine code like any other. This has to
be laid down on the hard disk somewhere, to be found and loaded into memory for
execution whenever you boot the computer. This can be called the operating
system's kernel.

Boot loader - second, the code to go out and
find that pre-positioned kernel code, in the right place on the disk, and make
it load into memory. This can be called the boot loader.

A place provided to house boot loader code is the Master Boot Record (MBR), a
term that means the first 512 bytes on a hard disk. This is suitable for code
intended to boot the computer because any code sitting there will get called
during boot (according to the hardware's design). We say it's "in the path of execution."

The programs that install operating systems-- found on OS
"installation" CDs-- always place their kernel code on
the hard disk. Usually, though sometimes optionally, they also write the code
they desire into the MBR as well. This is to ensure that their kernel code will
get loaded and executed. They insure it by emplacing code in the MBR that--
guess what?-- loads and executes their kernel. Otherwise, it would be entirely
possible to put the kernel code on the disk without it ever being executed.
That's what would happen if code that bypasses this kernel sits in the MBR (as
would be the case, for example, if the MBR instead called some other operating
system elsewhere on the disk). It would also happen if no intelligent code at
all were sitting in the MBR (in which case some kind of unpredictable halt or
crash would take place during a boot attempt).

In class, we
installed linux on a hard disk where Windows98 had been installed
earlier. We allowed linux to overwrite the MBR. This displaced
(i.e., eliminated) whatever code had previously been put there at the time when
Window98 was originally installed. Before installing linux, I captured a copy of
the old Windows MBR and saved it into a file. After the linux installation, I
did the same thing with the new MBR from linux. So we have the two files
available for comparison.

I have placed on the remote Unix server these two 512-byte files. They are:

/home/ftp/pub/mbr-byWindows98
/home/ftp/pub/mbr-byRedHatLinux.

First, the file
/home/ftp/pub/mbr-byWindows98 contains what was in the MBR at
the beginning of our linux installation session. That is, what the
original Windows install operation had inscribed there. Second, the
file /home/ftp/pub/mbr-byRedHatLinux contains what LILO wrote there
during the install (LILO is the LInux LOader, which we invoked while installing).

Before we can examine these we need to produce byte-by-byte
"file dumps." There are programs for this purpose. They are
called hexadecimal editors. A freeware example in Windows is XVI32.
In linux, the magic command is

od -Ad -tx1z <filename>

(If you have a copy of the file on one platform and want to move
it to the other, the tool to do it is ftp.)

I've done the work for you by producing two hexdumps. The files
containing them are on the remote Unix server and you can view them
via the links below. Those files are:

Via the following links, you can view either the Windows
hexdump or the linux hexdump.
Have a look at them, and given what you have learned about the content and
composition of MBRs, try to locate the code portions, the partition table
portion, and the 2-byte final signature portions of these MBRs. What do they
have in common? Where do they differ? Is any portion of them directly legible?
What do you suppose it is?